The NCSC have recently updated their malware and ransomware guidance for businesses and individuals, with a particular focus on helping people prepare for attacks and mitigate the impacts an incident can have.
The previous guidance – which was published in February 2020 – has been significantly altered as a result of the COVID-19 pandemic. With many staff now working from home, there has never been a more important time to keep technology and devices protected from cyber-attacks.
The Deputy Head of Consultancy and Advice at the NCSC highlights the following as the main updates to the guidance:
1. Additional section added to help organisations prepare for an incident
2. Updated the modus operandi of attackers
3. Additional detail added regarding backups, preventing malware from being delivered, spreading to devices and running on them
4. Re-emphasis of the key steps to take if your organisation has already been infected with malware
Two of the primary methods for mitigating the impact of these attacks are highlighted in the NCSC blog post. The Deputy Head of Consultancy and Advice adds: “The guidance still helps organisations manage the threat posed by malware and ransomware, but there are two things I wanted to re-emphasise.
“[1] Having up-to-date and tested offline backups – offline backups are the most effective way to recover from a ransomware attack. [2] Disabling or constraining scripting environments – disabling or constraining scripting environments makes it much harder for an attacker to deploy ransomware using batch or PowerShell scripts.”
He goes on to say: “Whilst we recognise that not all organisations have crack teams of security architects at their disposal, we believe this guidance provides an achievable set of actions that most organisations will be able to implement. This is why we have also included additional and updated references to resources, which will help you prepare and respond to malware attacks.”
To read the NCSC blog post click here.
To read the updated malware and ransomware guidance click here.